Importing Exchange 2013`

This topic contains 10 replies, has 4 voices, and was last updated by Profile photo of Brian Clanton Brian Clanton 1 week, 4 days ago.

  • Author
    Posts
  • #57841
    Profile photo of Brian Clanton
    Brian Clanton
    Participant

    I am trying to import from our Exchange Server and so far have been unsuccessful.

    My objecive is to utilized Exchange CMDLETS from Active Directory PS session where I can iterate through my AD OU tree and then edit AD email attributes by creating arrays with Exchange specific smdlets such as 'Get-Contacts'.

    Specifics:
    I am running this command from the Active Directory server
    There is a clustered Exchange server enviornment where all Exchange servers are running on Windows 2012
    Active Directory server and Exchange 2013 servers are on the same subnet, same domain.

    From AD PowerShell Console, I am trying to import my Exchange server session. The credentials have been verified and correct, however when I run this, I receive this error. Since Exchange is running on Win2012, WinRm is already running and accepting commands. I also have the Trusted hosts on the Active Directory server set to '*' to trust all servers. I went over all possibilities but I don't see why this shouldn't work, unless there are components about Exchange Shell I do not understand.

    $UserCredential = Get-Credential
     $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://mail.XXXX.com/powershell/ -Credential $UserCredential -Authentication Basic -AllowRedirection

    OutPut

    WARNING: Your connection has been redirected to the following URI: "https://mail.XXXX.com/PowerShell-LiveID?PSVersion=5.0.10586.117
     "
    New-PSSession : [mail.XXXX.com] Connecting to remote server mail.techpro.com failed with the following error message : The WinRM 
    client sent a request to an HTTP server and got a response saying the requested HTTP URL was not available. This is usually returned 
    by a HTTP server that does not support the WS-Management protocol. For more information, see the about_Remote_Troubleshooting Help 
    topic.At line:1 char:12
    + $Session = New-PSSession -ConfigurationName Microsoft.Exchange -Conne ...
    +            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotingTransportExce 
       ption
        + FullyQualifiedErrorId : URLNotAvailable,PSSessionOpenFailed
  • #58373
    Profile photo of Don Jones
    Don Jones
    Keymaster

    There's potentially a bunch of stuff happening here. TrustedHosts ain't it, though, and you should remove the * setting as it's a terrible, horrible, bad, awful thing to have on a domain controller. Awful. This also likely has nothing to do with credentials, not with that error message.

    First, because you're using a cluster, you're getting a redirect to the active node. That's fine. Have you verified that you can directly connect, via Remoting, to each of the cluster nodes? Using their host names, not a cluster name? Let's start with that.

  • #58463
    Profile photo of Brian Clanton
    Brian Clanton
    Participant

    I can successfully remote to each Exchange DAG Member (Database Availability Group) from the Domain Controller which resides on the same Subnet as these Exchange boxes.

    PS C:\Windows\system32> Enter-PSSession -ComputerName w12-dag-ex01 -Credential $credentials
    
    [w12-dag-ex01]: PS C:\Users\administrator.TECHPRO\Documents> exit
    
    PS C:\Windows\system32> Enter-PSSession -ComputerName w12-dag-ex02 -Credential $credentials
    
    [w12-dag-ex02]: PS C:\Users\administrator.TECHPRO\Documents> exit
    
    PS C:\Windows\system32> Enter-PSSession -ComputerName w12-dag-ex03 -Credential $credentials
    
    [w12-dag-ex03]: PS C:\Users\administrator.TECHPRO\Documents> exit
    
    PS C:\Windows\system32> Enter-PSSession -ComputerName w12-dag-ex04 -Credential $credentials
    
    [w12-dag-ex04]: PS C:\Users\administrator.TECHPRO\Documents> exit

    Main Objective:
    To compose a script that will iterate through multiple Active Directory OU's and its users and perform checks and edit specific 'Contact' information (showinAddressbook) attributes within AD. Looping construct will be an ARRAY of business OU's, but will need to utilize Exchange cmdlets (one of which is 'Get-Contact'), hence why I need to be able to import Exchange session into my PowerShell session running on Active Directory server.

    More Info:
    Before your post, my research turned up a 'next action item' for me to try and resolve by running the "Exchange Management Troubleshooter" on the server to see if that turns up anything.
    https://support.microsoft.com/en-us/kb/3063897

    However, if you see an alternative direction, please let me know.

    My 'experience' thus far has been a crash course line composed of Kindle PowerShell books, working with ISE, and a smattering of your YouTube Videos, so I might not be as of yet 'fluent' in the correct terms.

  • #58465
    Profile photo of Ron
    Ron
    Participant

    Here's what I use to connect to 2010, but it should still work in 2013.

    $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://(fqdn)/PowerShell/ -Authentication Kerberos
    Import-PSSession $Session

    You only have to add credentials if not connecting as the current user.

  • #58474
    Profile photo of Brian Clanton
    Brian Clanton
    Participant

    Minus the Kerberos authentication, that is exactly the same 'NEW-PSSession' command I did above in my first post. When I try to create a session and assign to a new variable, that is when it errors out.

    Attempting the same with Kerberos shows me that Kerberos is not setup on our system to accept this kind of authentication.

    S C:\Users\administrator.TECHPRO> $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://mail.XXXX.com/powershell/ -Credential $credential -Authentication Kerberos -AllowRedirection
    New-PSSession : [mail.techpro.com] Connecting to remote server mail.XXXX.com failed with the following error message : WinRM 
    cannot process the request. The following error occurred while using Kerberos authentication: The computer mail.techpro.com is 
    unknown to Kerberos. Verify that the computer exists on the network, that the name provided is spelled correctly, and that the 
    Kerberos configuration for accessing the computer is correct. The most common Kerberos configuration issue is that an SPN with the 
    format HTTP/mail.techpro.com is not configured for the target. If Kerberos is not required, specify the Negotiate authentication 
    mechanism and resubmit the operation. For more information, see the about_Remote_Troubleshooting Help topic.At line:1 char:12
    + $Session = New-PSSession -ConfigurationName Microsoft.Exchange -Conne ...
    +            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotingTransportExce 
       ption
        + FullyQualifiedErrorId : NetworkPathNotFound,PSSessionOpenFailed
  • #58477
    Profile photo of Ron
    Ron
    Participant

    Try it with just http. From poking around in Google, there are some other things that have to be configured for https to work properly. Most of the https examples are for O365, where you have to connect over the Internet.

  • #58481
    Profile photo of Brian Clanton
    Brian Clanton
    Participant

    Tried it with basic and Kerberos authentication without 'https', still errored out. The last attempt I tried with 'https' and as you can see, the redirect is working in that instance so I suspect that this server only listens on that secure port.

    PS C:\Windows\system32> $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://mail.XXXX.com/powershell/ -Credential $credential -Authentication Kerberos -AllowRedirection
    New-PSSession : [mail.XXXX.com] Connecting to remote server mail.XXXX.com failed with the following error message : WinRM 
    cannot process the request. The following error occurred while using Kerberos authentication: The computer mail.XXXX.com is 
    unknown to Kerberos. Verify that the computer exists on the network, that the name provided is spelled correctly, and that the 
    Kerberos configuration for accessing the computer is correct. The most common Kerberos configuration issue is that an SPN with the 
    format HTTP/mail.XXXX.com is not configured for the target. If Kerberos is not required, specify the Negotiate authentication 
    mechanism and resubmit the operation. For more information, see the about_Remote_Troubleshooting Help topic.
    At line:1 char:12
    + $Session = New-PSSession -ConfigurationName Microsoft.Exchange -Conne ...
    +            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotingTransportExce 
       ption
        + FullyQualifiedErrorId : NetworkPathNotFound,PSSessionOpenFailed
    
    PS C:\Windows\system32> $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://mail.XXXX.com/powershell/ -Credential $credential -Authentication Basic -AllowRedirection
    New-PSSession : [mail.XXXX.com] Connecting to remote server mail.XXXX.com failed with the following error message : The WinRM 
    client cannot process the request. Unencrypted traffic is currently disabled in the client configuration. Change the client 
    configuration and try the request again. For more information, see the about_Remote_Troubleshooting Help topic.
    At line:1 char:12
    + $Session = New-PSSession -ConfigurationName Microsoft.Exchange -Conne ...
    +            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotingTransportExce 
       ption
        + FullyQualifiedErrorId : -2144108322,PSSessionOpenFailed
    
    PS C:\Windows\system32> $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://mail.XXXX.com/powershell/ -Credential $credential -Authentication Basic -AllowRedirection
    WARNING: Your connection has been redirected to the following URI: "https://mail.XXXX.com/PowerShell-LiveID?PSVersion=5.0.10586.117
     "
    New-PSSession : [mail.XXXX.com] Connecting to remote server mail.XXXX.com failed with the following error message : The WinRM 
    client sent a request to an HTTP server and got a response saying the requested HTTP URL was not available. This is usually returned 
    by a HTTP server that does not support the WS-Management protocol. For more information, see the about_Remote_Troubleshooting Help 
    topic.
    At line:1 char:12
    + $Session = New-PSSession -ConfigurationName Microsoft.Exchange -Conne ...
    +            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotingTransportExce 
       ption
        + FullyQualifiedErrorId : URLNotAvailable,PSSessionOpenFailed
  • #58631
    Profile photo of Albert van Boerum
    Albert van Boerum
    Participant

    Hello,

    Can you check the Authentication in IIS?

    in IIS: servername\sites\your Exchange site\Powershell
    Option: Authentication

    What is here Enabled? On my server I see that "Windows Authentication" is Enabled.

    Hope this helps

  • #58711
    Profile photo of Brian Clanton
    Brian Clanton
    Participant

    Ah...
    Windows Authentication is Disabled.

  • #58742
    Profile photo of Brian Clanton
    Brian Clanton
    Participant

    I am getting negative feedback from my organization's staff as far as allowing Powershell windows authentication from within IIS on Exchange. I will have to to turn this capability on to see if this is my issue.

    I will post if this is in fact the resolution.

  • #58796
    Profile photo of Brian Clanton
    Brian Clanton
    Participant

    I am going to consider this ticket 'resolved'.

    The issue was adjusted the Powershell IIS authentication from Disabled to Enabled. After that, I was able to import an Exchange session.

    Many thanks.

You must be logged in to reply to this topic.